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We claim: 

V 1 . A method of decrypting data stored on a storage medium using an 
encryption/decryption core embedded on a data storage engine, the method comprising: 
generating an internal key using the data storage engine; 
grieving a medium key stored on the storage medium using the internal key; 
generating a combination key by combining the medium key with the internal 



key; 



decrypting \first portion of data stored on the storage medium using said first 



combination key. \^ 



\ 

2. The method of Claim l\wherein the retrieving a medium key stored on the 
storage medium further comprises: 

decrypting a master media kej 

generating the medium key from the master media key; 

3. The method of Claim 1 wherein the'mten^.key is generated by a pseudo- 
random number generator. 



4. The method of Claim 2 wherein the master media key ^decrypted using triple 
DES for two keys, wherein a first key is a first internal key and a second ke\is a second 
internal key. 
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The method of Claim 2 wherein the master media key is a 256-bit random 
number arid the plurality of medium keys are generated by dividing the master media key into 
a plurality of*64-bit numbers. 



a\ 



\ 

\ 



6. The method of Claim 1 wherein the combination key is generated by 
combining the internalUcey with the medium key in an exclusive OR function. 



7. The method df Claim 1 wherein the first portion is decrypted using triple DES 
for two keys, wherein a first ke\is the combination key and a second key is an internal key. 



8. The method of Claim ^herein the plurality of medium keys comprises a 



Awnf 
syste: 



mastered system area key, a writable sys\em area key, and a file system information key. 

9. The method of Claim 2 further comprising: 
generating an additional internal ke\ 

1 0. The method of Claim 9 wherein: 
the plurality of medium keys comprises a mastered system area key; 
the first portion of data comprises mastered data;** 
generating a combination key further comprises combining the mastered 

system area key with the internal key in an XOR function; and\ 

decrypting the first portion further comprises using triple DES with two keys, 
wherein the first key is the combination key and the second key is th\ additional 
internal key. ^ 



\ 
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1 1 . The method of Claim 9 wherein: 

\ 

\ the plurality of medium keys comprises a writable system area key; 
"the first portion of data comprises unmastered data; 

generating a first combination key further comprises combining the writable 
system area Vey with the internal key in an XOR function; and 

decrypting the first portion further comprises using triple DES with two keys, 
wherein the first kXjMS the combination key and the second key is the additional 
internal key. \^ 

\ 

12. The method of ClairnN^ 1 further comprising: 

storing a second portionW data on said unmastered area; and 

encrypting the second portion of data using single DES, wherein the key is the 

combination key. 



13. The method of Claim 9 wherein the plurality of medium keys comprises a file 
system information key, the method further comprising^ 

generating an additional combination key by combining the file system 
information key with the internal key in an XOR function; 

decrypting a file system stored on the storage medium; 

decrypting a file pointer linking the file system to trie first portion of data 
using triple DES with two keys, wherein the first key is the \ond combination key 
and the second key is the additional internal key. 
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A method of decrypting data using a data storage engine comprising a data 
buffer anc\an ASIC, the ASIC having an encryption/decryption engine and a pseudo-random 
number generator, and the data being stored on a storage medium, the method comprising: 
\generating a plurality of internal keys using the pseudo-random number 
generator 

decrypting a master media key and a file system structure corresponding to a 
first portion oluhe data using at least one internal key; 

generating a plurality of medium keys from the master media key; 
generating a,plurality of combination keys from the plurality of medium keys 
1 0 and the plurality of irrternal keys; 

i \ 

3 decrypting a firs\portion of the data using a first combination key. 




" j! 15. The method of Claimed 4 wherein the pseudo-random number generator 

* comprises a logical feedback shift regi^er, and wherein "generating a plurality of internal 
3 5 keys" further comprises: 

a . 

□ seeding the logical feedback Sjiift register with a seed stored in a flash 

3 

3 memory. 

16. The method of Claim 14 further comprising: 
20 decrypting a plurality of file pointers linking the file system structure to the 

data using a second combination key, wherein the fljurality of decrypted file pointers 
is stored within the ASIC. 
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1 7. The method of Claim 14 wherein said first portion\omprises mastered data, 
the method further comprising: \ 

19 \ 



encrypting a second portion of data, the second portion comprising 
unmas\ered data. 

1 8. TheVnethod of Claim 1 7 wherein: 

said decrypting a first portion of data further comprises decrypting using triple 
DES with two keys, wherein a first key is the first combination key and the second 
key is a first internal key; and 

said encrypting further comprises encrypting using single DES, wherein the 
key is a second combination key. 

1 9. The method of Claim\l4 further comprising 

decrypting a second portion of the data using a second combination key, 
wherein the first portion comprise^mastered data and the second portion comprises 
data saved by a user. 



20. A method of encrypting data store\j on a storage medium using an 
cryption/decryption core embedded on a data storage engine, the method comprising: 
generating a plurality of internal keys uVng the data storage engine; 
decrypting a master media key stored on u\e storage medium using at least 
of the plurality of internal keys; 

generating a plurality of medium keys from theViaster media key; 
generating a first combination key by combining a\nedium key with an 
internal key; 

encrypting a portion of unmastered data using said first\ombination key; 
storing the portion on the storage medium. 
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. The method of Claim 20 wherein encrypting a first portion further comprises 
encrypting^sing single DES. 

22. ^^method of decrypting data stored on a storage medium using a data storage 
engine, the method comprising: 

decr^ting a file system structure corresponding to the data, the file system 

structure comprising at least one file; 

decrypting^ file pointer, the file pointer indicating a location on the storage 

1 0 medium of a file in the file system structure; 

! \ 

i retrieving a portion of the data from the location indicated by the file pointer. 

! V 

23 . The method of Claim >22 further comprising decrypting the portion of data 
stored at the location indicated by the filfe pointer. 

P 

• s 

3 24. The method of Claim 22 wherekt the data storage engine comprises an 

^ \ 

3 application specific integrated circuit and a data Buffer, wherein the file pointer is double 
encrypted, and wherein "decrypting a file pointer" farther comprises: 

decrypting the double encrypted file poimer, such that the file pointer is single 
20 encrypted; 

storing the single encrypted file pointer in the cfeta buffer; 
retrieving the single encrypted file pointer from thXdata buffer; 
decrypting the single encrypted file pointer within the\pplication specific 
integrated circuit. 
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25. Tti^m^thod of Claim 24 further comprising: 

sending the portioQ^of data retrieved from the location indicated by the file 
pointer to the data buffer. 
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